n engl j med 348;15 www.nejm.org april 10, 2003
The new england journal of medicine
The Cost of HIPAA Compliance
Peter Kilbridge, M.D.
The deadline for compliance with the regulations
for patient privacy in the Health Insurance Portability and Accountability Act of 1996 (HIPAA) is now
upon us, and hospitals and physician groups are in
the throes of working to meet it. This is an enormous chore, affecting numerous areas of hospital
operations and, ultimately, every employee.
Meeting the requirements of the extensive privacy regulations â€” the deadline for which is April 14,
2003 â€” has been consuming substantial time, resources, and energy from hospitals and physician
groups. For example, essentially all employees must
be trained in the protection of patientsâ€™ privacy, and
their completion of this training must be documented. The training focuses on practices for handling
protected health information: for example, avoiding
discussing patients within the hearing of others, locating fax machines and printers in secure areas,
and obtaining only the information about a patient
that is required for the job at hand. Some hospitals
have developed their own materials in the form of
scenario-based videos or computer-based productions. Others have brought in outside educators or
opted to conduct face-to-face classroom training.
A study commissioned by the American Hospital
Association in 2000 estimated the average cost of
training at $16 per employee.
HIPAA requires that a notice of privacy be given
to every patient, informing him or her of, among
other things, the organizationâ€™s usual uses of information about patients and patientsâ€™ rights with
regard to their records. The privacy notice, among
other aspects of the requirements, is discussed by
Annas in this issue of the Journal (pages 1486â€“1490).
The notice must be presented to every patient at his
or her first appearance for care after the April 14
deadline, and the patientâ€™s acknowledgment of
receipt of the notice must be recorded. Even for a
small hospital, just the cost of printing a multipage
form for every active patient, at a few cents apiece, is
substantial. Organizations with multiple locations
for care delivery must deal with the added costs of
duplication of materials and effort, since some patients will receive more than one notice if they visit
multiple locations. In addition, such organizations
face the challenge of keeping a consolidated record
of which patients have received the notice. Many organizations are investing in new information systems to manage this massive tracking effort.
Physiciansâ€™ offices and clinics must effect behavioral change in the practice setting. Physicians and
nurses may not talk with patients about diagnostic
and care information in public areas. Members of
the office staff must conduct telephone and other
conversations in a manner that reduces their use of
information that identifies particular patients. If
chart racks are located in hallways outside clinic
rooms, the charts should be placed with the patient
information facing the wall. Physicians must attend
to the details of office layout and logistics as well. It
may be necessary to move waiting-room seats some
distance from the administrative area to reduce the
likelihood that patients will overhear conversations;
it may be necessary to play music or run white-noise
machines in order to obscure the sound of conversations in clinic rooms. Computers may need to be relocated away from hallways or to be equipped with
screens that inhibit casual viewing by passersby.
Organizations are required under the privacy
regulations to track all disclosures of patient information for uses beyond treatment, payment, and
operations. In order to do so, they must first determine what constitutes a disclosure for a use beyond
normal operations (for example, is a particular request for a record being made for the purposes of
quality improvement â€” which is considered a normal operation â€” or for research purposes?). They
must establish policies and procedures for making
these determinations. And they must construct a
system for tracking every such release â€” whether of
paper records or electronic information. Tracking
the release of electronic information will most likely
require the purchase of a computer program designed for this purpose and the implementation of
the system in a fashion that ensures the capture of
all instances of disclosure, from any site where care
Other challenges in the implementation of com-
n engl j med 348;15 www.nejm.org april 10, 2003
The new england journal of medicine
pliance with the HIPAA regulations include the potential need to revise contracts with all â€œbusiness
associatesâ€ to bind these parties to HIPAA privacy
practices; the management of hospital directories
(patients have the right to determine whether and
how they wish to be listed in the patient directory
when they are admitted to the hospital); the management of amendments to patient records; the implications of the regulations for clinical research;
implications for hospital fundraising (physicians
have to obtain authorization from patients for the
release of information to development officers); and
resolution of issues regarding preemption by state
law. In addition, considerable resources are being
devoted to the implementation of standards for electronic transactions and to the implementation of
newly released electronic security requirements.
The magnitude of the overall challenge is reflected in the winter 2003 survey of HIPAA readiness
conducted by the Healthcare Information and Management Systems Society and Phoenix Health Systems. As of January 2003, only 9 percent of 467
provider organizations responding to the survey indicated that they believed they had achieved compliance with the privacy rules. The survey also showed
that there was broad agreement that the most difficult aspect of the process was understanding and
interpreting the regulations and that hospitals tend
to use outside consultants primarily for assessment
and planning activities, tackling the greatest portion
of the work â€” implementation â€” with internal resources. Estimated spending to comply with HIPAA
varies greatly among organizations (see Figure).
The results of the survey are in line with those
cited by the organizations that I interviewed, and
many organizations agreed that the financial outlay
required â€” although it is substantial â€” has been
somewhat smaller than they anticipated. The 2000
American Hospital Association study cited above estimated that the average cost of compliance per hospital ranged from about $670,000 to $3.7 million
â€” considerably more than the figures in the 2003
survey suggest. Modifications of the regulations in
the past year clearly contributed to the difference,
but perhaps the most important reason for the discrepancy is that although most hospitals and large
practices have had to hire or commit one or several
full-time employees (such as a privacy officer) to
heading up the compliance effort, the majority of
the work is being done with existing resources â€”
while other initiatives are put on hold.
What is being accomplished with all this effort?
The extensive privacy regulations enforce the adoption of privacy-conscious behavior by caregivers
and employees of hospitals and health care practices â€” an area in which medicine has historically been
rather lax; and greater attention should be paid to
safeguarding privacy in an era of universal electronic communication and increasing computerization
of confidential patient information. On the other
hand, some of the regulations seem excessively burdensome â€” such as requiring the tracking of every
disclosure of information for uses beyond treatment, payment, and operations and recording the
acknowledgment of receipt of an 8-to-20-page informational document that most patients will throw
away without reading. One thing is certain: many
organizations will breathe a sigh of relief when
HIPAA compliance is behind them.
From Kilbridge Associates, Cambridge, Mass.
2003 Budgets for HIPAA Compliance, According to Size of Hospital. Data are from the Healthcare Information and Management Systems Society and Phoenix Health Systems.
<$100,000 $100,000â€“$500,000 $500,000â€“$1,000,000 >$1,000,000
2003 HIPAA Budgets
<100 Beds 100â€“400 Beds >400 Beds
1% 4% 16% 20%
Reproduced with permission of the copyright owner. Further reproduction prohibited without permission.
Are you busy and do not have time to handle your assignment? Are you scared that your paper will not make the grade? Do you have responsibilities that may hinder you from turning in your assignment on time? Are you tired and can barely handle your assignment? Are your grades inconsistent?
Whichever your reason is, it is valid! You can get professional academic help from our service at affordable rates. We have a team of professional academic writers who can handle all your assignments.
Students barely have time to read. We got you! Have your literature essay or book review written without having the hassle of reading the book. You can get your literature paper custom-written for you by our literature specialists.
Do you struggle with finance? No need to torture yourself if finance is not your cup of tea. You can order your finance paper from our academic writing service and get 100% original work from competent finance experts.
While psychology may be an interesting subject, you may lack sufficient time to handle your assignments. Don’t despair; by using our academic writing service, you can be assured of perfect grades. Moreover, your grades will be consistent.
Engineering is quite a demanding subject. Students face a lot of pressure and barely have enough time to do what they love to do. Our academic writing service got you covered! Our engineering specialists follow the paper instructions and ensure timely delivery of the paper.
In the nursing course, you may have difficulties with literature reviews, annotated bibliographies, critical essays, and other assignments. Our nursing assignment writers will offer you professional nursing paper help at low prices.
Truth be told, sociology papers can be quite exhausting. Our academic writing service relieves you of fatigue, pressure, and stress. You can relax and have peace of mind as our academic writers handle your sociology assignment.
We take pride in having some of the best business writers in the industry. Our business writers have a lot of experience in the field. They are reliable, and you can be assured of a high-grade paper. They are able to handle business papers of any subject, length, deadline, and difficulty!
We boast of having some of the most experienced statistics experts in the industry. Our statistics experts have diverse skills, expertise, and knowledge to handle any kind of assignment. They have access to all kinds of software to get your assignment done.
Writing a law essay may prove to be an insurmountable obstacle, especially when you need to know the peculiarities of the legislative framework. Take advantage of our top-notch law specialists and get superb grades and 100% satisfaction.
We have highlighted some of the most popular subjects we handle above. Those are just a tip of the iceberg. We deal in all academic disciplines since our writers are as diverse. They have been drawn from across all disciplines, and orders are assigned to those writers believed to be the best in the field. In a nutshell, there is no task we cannot handle; all you need to do is place your order with us. As long as your instructions are clear, just trust we shall deliver irrespective of the discipline.
Our essay writers are graduates with bachelor's, masters, Ph.D., and doctorate degrees in various subjects. The minimum requirement to be an essay writer with our essay writing service is to have a college degree. All our academic writers have a minimum of two years of academic writing. We have a stringent recruitment process to ensure that we get only the most competent essay writers in the industry. We also ensure that the writers are handsomely compensated for their value. The majority of our writers are native English speakers. As such, the fluency of language and grammar is impeccable.
There is a very low likelihood that you won’t like the paper.
Not at all. All papers are written from scratch. There is no way your tutor or instructor will realize that you did not write the paper yourself. In fact, we recommend using our assignment help services for consistent results.
We check all papers for plagiarism before we submit them. We use powerful plagiarism checking software such as SafeAssign, LopesWrite, and Turnitin. We also upload the plagiarism report so that you can review it. We understand that plagiarism is academic suicide. We would not take the risk of submitting plagiarized work and jeopardize your academic journey. Furthermore, we do not sell or use prewritten papers, and each paper is written from scratch.
You determine when you get the paper by setting the deadline when placing the order. All papers are delivered within the deadline. We are well aware that we operate in a time-sensitive industry. As such, we have laid out strategies to ensure that the client receives the paper on time and they never miss the deadline. We understand that papers that are submitted late have some points deducted. We do not want you to miss any points due to late submission. We work on beating deadlines by huge margins in order to ensure that you have ample time to review the paper before you submit it.
We have a privacy and confidentiality policy that guides our work. We NEVER share any customer information with third parties. Noone will ever know that you used our assignment help services. It’s only between you and us. We are bound by our policies to protect the customer’s identity and information. All your information, such as your names, phone number, email, order information, and so on, are protected. We have robust security systems that ensure that your data is protected. Hacking our systems is close to impossible, and it has never happened.
You fill all the paper instructions in the order form. Make sure you include all the helpful materials so that our academic writers can deliver the perfect paper. It will also help to eliminate unnecessary revisions.
Proceed to pay for the paper so that it can be assigned to one of our expert academic writers. The paper subject is matched with the writer’s area of specialization.
You communicate with the writer and know about the progress of the paper. The client can ask the writer for drafts of the paper. The client can upload extra material and include additional instructions from the lecturer. Receive a paper.
The paper is sent to your email and uploaded to your personal account. You also get a plagiarism report attached to your paper.
Delivering a high-quality product at a reasonable price is not enough anymore.
That’s why we have developed 5 beneficial guarantees that will make your experience with our service enjoyable, easy, and safe.
You have to be 100% sure of the quality of your product to give a money-back guarantee. This describes us perfectly. Make sure that this guarantee is totally transparent.Read more
Each paper is composed from scratch, according to your instructions. It is then checked by our plagiarism-detection software. There is no gap where plagiarism could squeeze in.Read more
Thanks to our free revisions, there is no way for you to be unsatisfied. We will work on your paper until you are completely happy with the result.Read more
Your email is safe, as we store it according to international data protection rules. Your bank details are secure, as we use only reliable payment systems.Read more
By sending us your money, you buy the service we provide. Check out our terms and conditions if you prefer business talks to be laid out in official language.Read more